<?php

// ##############################################################################||
// #                                                                 
// #   MySmartBB Version 1.7.0	                                      
// #   http://www.MySmartBB.com                                      
// #   Copyright (c) 2008 by MySmartBB team                           
// #   license http://opensource.org/licenses/gpl-license.php GNU Public License
// #                                                             
// #   filename : newtopic.php                                         
// #   submit a new subject            
// #                                                                  
// ##############################################################################||

// ** General definitions **

     define('NOT_IN_INDEX',0);
     include('common.php');
     include('includes/SmartCode.js');
	 
     $SF->html_title_page('إضافة موضوع - (Powered By MySmartBB)');
// ** First Step To Add subject **

     if ($_GET['add'] == 1)
     {
         if (empty($_GET['id']))
         {
             $SF->error('الرابط المتبع خطأ');
         }
         else
         {
             $id = intval($_GET['id']);
         }


		$sql = $DB->sql_query("select * FROM " .$db_prefix . "badat order by rand() limit 50");
		$badat_num = $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "badat"));

			$ghh = array();
			while($row=$DB->sql_fetch_array($sql))
				{
					$ghh[]=$row;
					$Smarty->assign('ghh',$ghh); 
				}

         $smiles_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "smiles WHERE smile_type='0' ORDER BY id ASC LIMIT 0,13");

         $smiles_row = array();
         while ($smile_row = $DB->sql_fetch_array($smiles_query))
         {
             $smiles_row[] = $smile_row;
             $Smarty->assign('smiles_row',$smiles_row);
         }

         $icons_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "smiles WHERE smile_type<>'0' ORDER BY id DESC");

         $icon_row = array();
         while ($icon_row = $DB->sql_fetch_array($icons_query))
         {
             $icons_row[] = $icon_row;
             $Smarty->assign('icons_row',$icons_row);
         }

         $section_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "section WHERE id='".intval($_GET['id'])."'");
         $section_row   = $DB->sql_fetch_array($section_query);
		 $section_num = $DB->sql_num_rows($section_query);
		 
		 if ($section_num < 1 ) {
		 $SF->error('المعذرة , القسم المطلوب غير موجود');
		 }else{

         if ($member_permission != 0)
         {
             $group_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectiongroup WHERE group_id='" . $member_row['usergroup'] . "' AND section_id='" . intval($_GET['id']) . "'");
             $group_row   = $DB->sql_fetch_array($group_query);
         }

         if ($member_permission == 0)
         {
             $group_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectiongroup WHERE group_id='7' AND section_id='" . intval($_GET['id']) . "'");
             $group_row   = $DB->sql_fetch_array($group_query);
         }

         if ($group_row['view_section'] == 0 or $group_row['write_subject'] == 0)
         {
             $SF->error('المعذرة، لا يمكنك الكتابه في هذا القسم');
         }

         $Smarty->assign_by_ref('section_row',$section_row);

         if (!empty($section_row['section_password']) and $groupper_row['admincp_allow'] != 1 and empty($_GET['password']))
         {
             $Smarty->display('section_password.tpl');
             $SF->MySmartBB_Exit();
         }

         if (!empty($section_row['section_password']) and $groupper_row['admincp_allow'] != 1 and !empty($_GET['password']))
         {
             $check_password = $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "section WHERE id='" . $section_row['id'] . "' AND section_password='" . base64_decode($_GET['password']) . "'"));
             if ($check_password <= 0)
             {
                 $SF->error('المعذرة، كلمة المرور ليست صحيحة');
             }
             else
             {
                 $url_password = '&password=' . htmlspecialchars($_GET['password']);
                 $Smarty->assign('url_password',$url_password);
             }
         }

         if ($section_row['sub_section'] == 1)
         {
             $getmainsection_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "section WHERE id = '".$section_row['from_sub_section']."'");
             $getmainsection_row   = $DB->sql_fetch_array($getmainsection_query);
             $Smarty->assign('path_bar','<a href=forum.php?show=1&id='.$getmainsection_row['id'].'>'.$getmainsection_row['title'].'</a> <img src=image/ric2.png> <a href=forum.php?show=1&id='.$section_row['id'].'>'.$section_row['title'].'</a> <img src=image/ric2.png> إضافة موضوع');
         }
         else
         {
             $Smarty->assign('path_bar','<a href=forum.php?show=1&id='.$section_row['id'].'>'.$section_row['title'].'</a> <img src=image/ric2.png> إضافة موضوع');
         }

         $Smarty->display('path-bar.tpl');

         if ($groupper_row['group_mod'] == 1 )
         {
             $get_modQry = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectionadmin
                                           WHERE section_id = '" . $section_row['id'] . "'
                                           AND member_id = '" . $member_row['id'] . "'" );

             $Smarty->assign( 'moderator', ( $DB->sql_num_rows( $get_modQry ) <= 0 ) ? 0 : 1 );
         }

         $SF->GetSmartCode();

         $Smarty->assign('s_id',intval($_GET['id']));
         $Smarty->assign('path_bar','<a href="forum.php?show=1&id=' . $section_row['id'] . $url_password . '">' . $section_row['title'] . '</a> <img src=image/ric2.png> إضافة موضوع');
         $Smarty->assign('we_in',1);
         $temp = md5(time());
         $Smarty->assign('temp',$temp);
         $Smarty->display('post_add-subject.tpl');
         $Smarty->display('footer.tpl');
     }
}
// ** Addition Step for Adding Poll **

     elseif ($_GET['newpoll'] == 1)
     {
         if (empty($_GET['id']))
         {
             $SF->error('الرابط المتبع خاطئ');
         }

         $smiles_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "smiles WHERE smile_type='0' ORDER BY id ASC LIMIT 0,13");

         $smiles_row = array();
         while ($smile_row = $DB->sql_fetch_array($smiles_query))
         {
             $smiles_row[] = $smile_row;
             $Smarty->assign('smiles_row',$smiles_row);
         }

         $icons_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "smiles WHERE smile_type<>'0' ORDER BY id DESC");

         $icons_row = array();
         while ($icon_row = $DB->sql_fetch_array($icons_query))
         {
             $icons_row[] = $icon_row;
             $Smarty->assign('icons_row',$icons_row);
         }

         $section_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "section WHERE id='".intval($_GET['id'])."'");
         $section_row   = $DB->sql_fetch_array($section_query);

         if ($member_permission != 0)
         {
             $group_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectiongroup WHERE group_id='" . $member_row['usergroup'] . "' AND section_id='" . intval($_GET['id']) . "'");
             $group_row   = $DB->sql_fetch_array($group_query);
         }

         if ($member_permission == 0)
         {
             $group_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectiongroup WHERE group_id='7' AND section_id='" . intval($_GET['id']) . "'");
             $group_row   = $DB->sql_fetch_array($group_query);
         }

         if ($group_row['view_section'] == 0 or $group_row['write_subject'] == 0)
         {
             $SF->error('المعذرة، لا يمكنك الكتابه في هذا القسم');
         }

         $Smarty->assign_by_ref('section_row',$section_row);

         $_GET['title'] = $SF->SafeOutPuts($_GET['title']);

         $Smarty->assign_by_ref('_GET',$_GET);

         $text = str_replace('<br /> ','',$_GET['text']);
         $text = str_replace('<br />','',$_GET['text']);

         $Smarty->assign('text',$text);
         $Smarty->assign('s_id',intval($_GET['id']));

         $SF->GetSmartCode();
         $Smarty->assign('temp',$_GET['temp_']);
         $Smarty->display('post_add-poll.tpl');
         $Smarty->display('footer.tpl');
     }

// ** Second Step: Check inster data **

     elseif ($_GET['start'] == 1)
     {
         if ($_POST['D1'] == 1)
         {
             $SF->go_to('newtopic.php?newpoll=1&temp_=' . $_POST['temp_'] . '&qnum=' . $_POST['D2'] . '&id=' . $_GET['id'] . '&title=' . $_POST['T1'] . '&text=' . nl2br($_POST['S1']),0);
             die();
         }

         if ($groupper_row['admincp_allow'] != 1)
         {
             if (trim ($member_row['lastpost_time']) != '')
             {
                 if ($member_permission == 1)
                 {
                     if ((time() - $info_row['floodctrl']) <= $member_row['lastpost_time'])
                     {
                         $SF->error ('المعذرة، لا يمكنك كتابة أي موضوع جديد الا بعد '.$info_row['floodctrl'].' ثانية');
                     }
                 }
             }
         }

         $section_check = $DB->sql_query("SELECT * FROM " . $db_prefix . "section WHERE id='".intval($_GET['id'])."'");
         $section_num   = $DB->sql_num_rows($section_check);
         $section_row   = $DB->sql_fetch_array($section_check);

         if ($member_permission != 0)
         {
             $group_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectiongroup WHERE group_id='" . $member_row['usergroup'] . "' AND section_id='" . intval($_GET['id']) . "'");
             $group_row   = $DB->sql_fetch_array($group_query);
         }

         if ($member_permission == 0)
         {
             $group_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectiongroup WHERE group_id='7' AND section_id='" . intval($_GET['id']) . "'");
             $group_row   = $DB->sql_fetch_array($group_query);
         }

         $title = trim($_POST['T1']);
         $des = trim($_POST['T2']);
         $text  = trim($_POST['S1']);
         $keywords = trim($_POST['keywords']);

         if (strlen(trim($title)) > $info_row['post_title_max'])
         {
             $SF->error('عدد حروف عنوان الموضوع أكثر من (' . $info_row['post_title_max'] . ')');
         }

	if (strlen(trim($des)) > $info_row['post_title_max'])
         {
             $SF->error('عدد حروف وصف الموضوع أكثر من (' . $info_row['post_title_max'] . ')');
         }
         if (strlen(trim($title)) < $info_row['post_title_min'])
         {
             $SF->error('عدد حروف عنوان الموضوع أقل من  (' . $info_row['post_title_min'] . ')');
         }

         if (strlen(trim($text)) > $info_row['post_text_max'])
         {
             $SF->error('عدد حروف الموضوع أكثر من (' . $info_row['post_text_max'] . ')');
         }

         if (strlen(trim($text)) < $info_row['post_text_min'])
         {
             $SF->error('عدد حروف الموضوع أقل من (' . $info_row['post_text_min'] . ')');
         }

         if ($group_row['view_section'] == 0 or $group_row['write_subject'] == 0)
         {
             $SF->error('المعذرة، لا يمكنك الكتابه في هذا القسم');
         }

         if (empty($title) or empty($text))
         {
             $SF->error('يرجى تعبئة كافة المعلومات');
         }

         if (empty($keywords))
         {
            $keywords = $_POST['T1'] ;
         }

         if (empty($_GET['id']))
         {
             $SF->error('الرابط المتبع خاطئ');
         }

         if ($section_num <= 0)
         {
             $SF->error('المعذرة، القسم المطلوب غير موجود');
         }

         $Smarty->assign_by_ref('section_row',$section_row);

         if (!empty($section_row['section_password']) and $groupper_row['admincp_allow'] != 1 and empty($_GET['password']))
         {
             $Smarty->display('section_password.tpl');
             $SF->MySmartBB_Exit();
         }

         if (!empty($section_row['section_password']) and $groupper_row['admincp_allow'] != 1 and !empty($_GET['password']))
         {
             $check_password = $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "section WHERE id='" . $section_row['id'] . "' AND section_password='" . base64_decode($_GET['password']) . "'"));
             if ($check_password <= 0)
             {
                 $SF->error('المعذرة، كلمة المرور ليست صحيحة');
             }
             else
             {
                 $url_password = '&password=' . htmlspecialchars($_GET['password']);
             }
         }

         $stick_post = ( $_POST['stick'] == 1 ) ? 1 : 0;
         $close_post = ( $_POST['close'] == 1 ) ? 1 : 0;

         $writer = ( $member_permission == 0 ) ? 'زائر' : $member_row['username'];




		if (isset($_REQUEST['T1']))
			{
				$_REQUEST['T1'] = $SF->nohtml($_REQUEST['T1']);
			}
		
		if (isset($_GET['T1']))
			{
				$_GET['T1'] = $SF->nohtml($_GET['T1']);
			}
		
		if (isset($_POST['T1']))
			{
				$_POST['T1'] = $SF->nohtml($_POST['T1']);
			}
		
		if (isset($_REQUEST['S1']))
			{
				$_REQUEST['S1'] = $SF->nohtml($_REQUEST['S1']);
			}
		
		if (isset($_GET['S1']))
			{
				$_GET['S1'] = $SF->nohtml($_GET['S1']);
			}
		
		if (isset($_POST['S1']))
			{
				$_POST['S1'] = $SF->nohtml($_POST['S1']);
			}


			$ban_word	= array("<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; url",
								"<meta>",
								"script",
								"<script>",
								"<iframe ",
								"onfocus",
								"<IFRAME "
								);
			$text		= addslashes( $_POST['S1'] );
			$text		= str_replace($ban_word,'***',$text);
			$text		= str_replace('</script','***',$text);
			$text		= str_replace('">"">>>><script>location="','***',$text);
			
			$title		= addslashes( $_POST['T1'] );
			$title		= str_replace($ban_word,'***',$title);
			$title		= str_replace('</script','***',$title);
			$title		= str_replace('">"">>>><script>location="','***',$title);
			
			$keywords	= str_replace($ban_word,'***',$keywords);
			$keywords	= str_replace('</script','***',$keywords);
			$keywords	= str_replace('">"">>>><script>location="','***',$keywords);	
			
			$describe	= addslashes( $_POST['T2'] );
			$describe	= str_replace($ban_word,'***',$describe);


         $id = intval($_GET['id']);
         $getattach_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "attach WHERE subject_id='" . $id . "' AND reply<>'1'");
         $getattach_num = $DB->sql_num_rows($getattach_query);
         if ($getattach_num != 0)
         {	

	$insert = $DB->sql_query("INSERT INTO " . $db_prefix . "subject (id, title, text, writer, section, write_date, stick, close, write_time, icon, subject_describe, wr_date, native_write_time, gmt_time, sec_subject, subscribe, bad, keywords, attach_subject) VALUES( 'NULL', '" . addslashes( $title ) . "', '" . addslashes( $text ) . "', '" . $writer . "', '" . intval( $_GET['id'] ) . "', '" . $date . "', '" . $stick_post . "', '" . $close_post . "', '" . $now . "', '" . addslashes( $_POST['R1'] ) . "', '" . addslashes( $describe ) . "', '" . $date . "', '" . $now . "', '" . $gmttime . "', '" . $section_row['sec_section'] . "', '" . $_POST['subs'] . "', '" . $_POST['f1'] . "', '" . addslashes( $keywords ) . "', '" . 1 . "')" );
		 
		 }
		 
		 else
		 
		 {
			
	$insert = $DB->sql_query("INSERT INTO " . $db_prefix . "subject (id, title, text, writer, section, write_date, stick, close, write_time, icon, subject_describe, wr_date, native_write_time, gmt_time, sec_subject, subscribe, bad, keywords) VALUES( 'NULL', '" . addslashes( $title ) . "', '" . addslashes( $text ) . "', '" . $writer . "', '" . intval( $_GET['id'] ) . "', '" . $date . "', '" . $stick_post . "', '" . $close_post . "', '" . $now . "', '" . addslashes( $_POST['R1'] ) . "', '" . addslashes( $describe ) . "', '" . $date . "', '" . $now . "', '" . $gmttime . "', '" . $section_row['sec_section'] . "', '" . $_POST['subs'] . "', '" . $_POST['f1'] . "', '" . addslashes( $keywords ) . "')" );
					
		}
		
		
		
		
         $subjectid = $DB->sql_insert_id($insert);

         $inseru = $DB->sql_query("UPDATE " . $db_prefix . "attach set subject_id='" . $subjectid . "' where temp='" . $SF->SafeSQL($_GET['temp_']) . "'");

         if ($_POST['poll'] == 1)
         {
             if (empty($_POST['qus']) or empty($_POST['ans1']) or empty($_POST['ans2']))
             {
                 $SF->error('يرجى تعبئة معلومات التصويت');
             }

             $insert_poll = $DB->sql_query("INSERT INTO " . $db_prefix . "poll(id,qus,ans1,ans2,ans3,ans4,ans5,ans6,ans7,ans8,subject_id) VALUES('NULL','" . $_POST['qus'] . "','" . $_POST['ans1'] . "','" . $_POST['ans2'] . "','" . $_POST['ans3'] . "','" . $_POST['ans4'] . "','" . $_POST['ans5'] . "','" . $_POST['ans6'] . "','" . $_POST['ans7'] . "','" . $_POST['ans8'] . "','" . $subjectid . "')");
             $update_subject = $DB->sql_query("UPDATE " . $db_prefix . "subject SET poll_subject='1' WHERE id='" . $subjectid  . "'");
         }

         if ($insert)
         {
             $update = $DB->sql_query("UPDATE " . $db_prefix . "member SET posts=posts+1,lastpost_time='".time()."' WHERE username='" . $SF->SafeSQL($member_row['username']) . "'");

             if ($groupper_row['usertitle_change'] == 1)
             {
                 $getusertitle_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "usertitle WHERE posts>='" . $member_row['posts'] . "'");
                 $getusertitle_row   = $DB->sql_fetch_array($getusertitle_query);
                 $getusertitle_num   = $DB->sql_num_rows($getusertitle_query);
                 if ($getusertitle_num > 0)
                 {
                     $update_usertitle = $DB->sql_query("UPDATE " . $db_prefix . "member SET user_title='" . $SF->SafeSQL($getusertitle_row['usertitle']) . "' WHERE username='" . $SF->SafeSQL($member_row['username']) . "'");
                 }
             }

             $update_last = $DB->sql_query("UPDATE " . $db_prefix . "section SET last_writer='" . $SF->SafeSQL($member_row['username']) . "',last_subject='" . $SF->SafeSQL($SF->titlecut($_POST['T1'],28)) . "',last_subjectid='" . $subjectid . "',last_date='" . $date . "' WHERE id='" . intval($_GET['id']) . "'");

             if ($section_row['sub_section'] == 1)
             {
                 $update_last = $DB->sql_query("UPDATE " . $db_prefix . "section SET last_writer='" . $SF->SafeSQL($member_row['username']) . "',last_subject='" . $SF->SafeSQL($SF->titlecut($_POST['T1'],28)) . "',last_subjectid='" . $subjectid . "',last_date='" . $date . "' WHERE id='" . $section_row['from_sub_section'] . "'");

                 $updateforums         =         $SF->UpdateSubForums();
             }
             
                 $updateforums         =         $SF->UpdateForumsArray();
             

             $update_info = $DB->sql_query("UPDATE " . $db_prefix . "info SET subject_number=subject_number+1 WHERE id='1'");

             if ($updateforums)
             {
				$Smarty->assign('msgg','طُرِحَ الموضوع بنجاح ، ستُنقَل إلى الموضوع بعد بضع ثوانٍ'); 
				$Smarty->assign('GO','show.php?main=1&id=' . $subjectid . $url_password);
				$SF->go_to('show.php?main=1&id=' . $subjectid . $url_password,2);            
				$Smarty->display('loading.tpl');

                $Smarty->display('footer.tpl');
             }
         }
     }

?>